Is that USB Flash Drive a Security Risk?

Nov 10, 2014

USB Flash Drives are so useful and so commonly used by most of us today that it would be difficult to imagine a world of computers without them. However, in spite of their benefits, there is a possibility that they also pose a security threat by result of a programmable chip inside them. This chip has been found in many different types of USB devices and can allow 3rd parties access into your computer systems.

Read this guide to learn what is does and how you can minimise the risks for your business.

What does it do?

Researchers have developed a piece of software to demonstrate what this programmable chip inside the USB Flash Drives are capable of. The Flash Drives can be used to completely take over any PC into whose USB port they are inserted, allowing them access to all data on that PC. It has the ability to send codes both to the computer from the USB and from the USB to the PC. Tracking web history, downloading and uploading files and even adding malicious and infected software into installations on the PC.

In fact, it’s so complex that it is able to control keyboards, thus is able to type commands. This means that a seemingly harmless, USB Flash Drive would be able to carry out any task that any computer user could.

The worse news is that nothing can really be done to prevent these malicious attacks. Of course, you can scan and delete files on these flash drives, but it is nigh on impossible to even come close to destroying these types of files. This is because, instead of the files being stored in a folder on the device, they are actually installed in the firmware of the device itself, effectively reprogramming it.

How can you minimise the risk to your business?

In order to reduce the risk that your business will fall victim to this problem, you and everyone within your business must change their behaviour with regards to using USB Flash Drives.

It is vital that you only use USB devices from trusted sources. Never, for any reason, borrow one from someone outside the business that may stand as a threat. Treat your computer security as you would when asking someone to watch your handbag or briefcase.

While this may seem over the top, it is essential in order to ensure the safety of your computer network. If you come across a USB that is not yours, and you don’t know whose it is, you should not use it. Remember, just because a device appears not to have anything wrong with it doesn’t mean that it doesn’t; you should automatically consider it dangerous.

Unfortunately, as there are currently no ways of destroying such software and programming on these USB devices, there is no way to completely eliminate a risk to any businesses. The only thing you can do is increase awareness in the workplace and reinforce the importance of prudence.